Rafal Szarecki (JNCIE 136) has 20+ years of experience in the networking industry. He started his career working for an ISP in Poland as a Network Operation Centre staff member in 1996. Later in his career he worked as a Customer Support consultant and then as a Network Architect at Ericsson. In 2006 Rafal joined the Juniper Networks Professional Services Team and later became a Principal Consultant. He has worked on over 50 different projects with more than 20 telecoms and ISPs, including some of global reach such as British Telecom, Telefonica, and Telenor. He designed and/or helped with deployments in multiple countries in Europe and the Middle East. During this time he was also an active member of PLNOG.
Currently Rafal holds the position of Solution Architect in the Routing Product Team at Juniper Networks in Sunnyvale, CA. In this role, Rafal supports the most challenging networks and customers in their architectural evolution and provides feedback to product development to ensure Juniper hardware and software will stand up to these challenges.

Abstract

Many large-scale service provider networks use some form of scale-out
architecture at peering sites. In such an architecture, each
participating Autonomous System (AS) deploys multiple independent
Autonomous System Border Routers (ASBRs) for peering, and Equal Cost
Multi-Path (ECMP) load balancing is used between them. There are
numerous benefits to this architecture, including but not limited to
N+1 redundancy and the ability to flexibly increase capacity as
needed. A cost of this architecture is an increase in the amount of
state in both the control and data planes. This has negative
consequences for network convergence time and scale.
In this session we describe how to mitigate these negative
consequences through configuration of the routing protocols, both BGP
and IGP, to utilize what we term the "Abstract Next-Hop" (ANH). Use
of ANH allows us to both reduce the number of BGP paths in the
control plane and enable rapid path invalidation (hence, network
convergence and traffic restoration). We require no new protocol
features to achieve these benefits.

White box switches and open networking are no longer only for the hyperscale companies with giant IT organizations. White box in the enterprise is possible, given the right mindset and a well-thought-out plan (after much lab testing). This session discusses the pros and cons, challenges and pitfalls, and eventual success of white box switch deployments at a medium-size enterprise.

CTO at Qrator Labs, a DDoS mitigation and network monitoring company. Graduated from Moscow State University, faculty of Computational Mathematics and Cybernetics; has been working in the area of IT networking and monitoring for a decade. Has previously presented at numerous conferences, including BlackHat USA, RIPE Meeting, APNIC/APRICOT, and ICANN EE DNS Forum.

Abstract

During the 2015 BlackHat conference, the authors presented an approach which makes it possible for an arbitrary attacker to use vulnerabilities in the Border Gateway Protocol to obtain fraudulent certificates, recognized by browsers as valid ones, for Web sites an attacker couldn't otherwise control.
As a result, the overall security of Internet PKIX, which we all rely on daily while browsing our favorite social networks and banking systems, was shown to be at risk.
Plenty of time has passed since August 2015. Researchers were digging into the issue, certificate authorities kept an eye on it, changes to Internet protocols were designed and implemented, and black hats started to exploit the method after all.
As it is now almost four years after the discovery of the initial issue, it's a good time to examine the outcome: what has been done, what's yet to be done and how long does it take for the Internet community to amend an Internet protocol even for the greater good.

Andrei Robachevsky is the Senior Technical Programme Manager at the Internet Society.
His primary area of interest is security and resilience of the Internet infrastructure. This work is based on active engagement with the operator, research and policy communities.
Prior to joining ISOC, Andrei was Chief Technical Officer of the RIPE NCC, responsible for the deployment of DNSSEC for the reverse DNS tree and deployment of anycast instances of the K-root DNS server.
Andrei brings to the Internet Society more than 20 years of experience in the Internet technical community. For more than a decade he has been actively following Regional Internet Registry (RIR) and Internet Engineering Task Force (IETF) activities. He was Chair of the Number Resource Organization’s (NRO) Engineering Coordination Group (ECG), which is responsible for various technical inter-RIR activities and projects. In 2010-2012 Andrei was a member of the Internet Architecture Board (IAB).

Abstract

There is nearly universal agreement that the Internet routing system is vulnerable to attack, but thoughts on how to address the problem vary from better technology to peer pressure to business incentives.
Routing security requires voluntary actions from every network, but there is little incentive for any individual network to take action. So what do we do?
We believe there is enough incentive to implement the minimal, absolutely essential elements of routing security - especially if they are perceived as a common business expectation, a norm. These norms may not necessarily bring tangible benefits to the individual network adhering to them, but they benefit society and the Internet as a whole. Norms can have wide societal support and help expose those who do not adhere to them, allowing for corrective actions.
In this talk, we will look at the Internet routing ecosystem and identify three main categories of actors: ISPs, IXPs, and cloud/content providers. We will explore which actions can have the biggest impact on the security of inter-domain routing and look at some of the incidents from 2018 and how they could have been avoided.
Finally, we'll present three minimum baselines for the respective categories and discuss how they can become norms.
To make the discussion more interactive, it will include real-time polling of the audience.

Christopher is one of the nation's leading authorities on law and technology. Recognized as one of the most cited scholars in administrative and regulatory law as well as intellectual property, his major research projects include studying innovative ways to connect more people to the Internet; using technological principles to inform how the law can promote optimal interoperability; protecting privacy and security for autonomous vehicles, medical devices, and the Internet's routing architecture; comparing antitrust enforcement practices in China, Europe, and the U.S.; copyright theory; and network neutrality. He is also building innovative integrated interdisciplinary joint degree programs designed to produce a new generation of professionals with advanced training in both law and engineering. The author of more than 100 scholarly works, Yoo testifies frequently before Congress, the Federal Communications Commission, the Federal Trade Commission, the U.S. Department of Justice, and foreign governments.

Abstract

2018 saw major growth in adoption of the Resource Public Key Infrastructure (RPKI) framework for routing security, with NANOG 74 marking an inflection point. Over the year, players like Cloudflare and NTT began participating in the framework; the five Regional Internet Registries engaged in efforts to make implementing RPKI easier; programs like the Mutually Agreed Norms for Routing Security promoted RPKI around the world. At NANOG 74 in particular, many talks and myriad hallway discussions pushed the RPKI effort forward. As a result, RPKI use is higher than ever before. In Europe, for example, over 40% of announced IP space is now covered by a Route Origin Authorization—the attestation establishing who is permitted to publish routing announcements for given IP space. Yet, while North American numbers have increased, they remain below 10%. To ensure continued RPKI growth, the NANOG community must pay sustained attention to the adoption effort.
In addition to describing industry-wide efforts to develop awareness and better software tools to ease RPKI implementation, this talk will present the recommendations of my team’s report, published in December 2018, concerning the legal structure supporting RPKI’s adoption, which were heavily influenced by discussions at NANOG 74. Those discussions have already resulted in important changes to how RPKI resources are distributed by the American Registry for Internet Numbers (ARIN). ARIN further plans to consider a set of recommendations in the spring of 2019. The talk will outline the reasons behind the recommendations in light of community dialogue after NANOG 74. Further, the talk will raise an important new possibility: Would it be valuable to establish an independent nonprofit organization devoted to publishing the North American RPKI repository? Such an organization would require significant effort to create and operate, but it may be more reliable and resilient when compared with the current structure for RPKI repository distribution.

Named one of the “100 Most Influential People” by TIME Magazine, Mozilla co-founder and chairwoman Mitchell Baker is responsible for organizing and motivating a massive, worldwide collective of employees and volunteers who are building the internet as a global public resource. Deeply engaged in developing product offerings that promote the mission of empowering individuals, Mitchell also guides the overall scope and direction of Mozilla’s mission, and is a strong advocate for the open internet, open source, and the importance of connecting technology to its impact on individuals and society. She has appeared on a number of international news programs, including NBC’s “Meet the Press,” BBC’s “HardTalk,” and NPR’s “Morning Edition,” and has spoken at many high-level events, like Tech for Good, VivaTech, Wired NextFest, and the World Economic Forum.

Abstract

Don’t miss this opportunity to hear one of TIME Magazine’s “100 Most Influential People” speak on her professional path and personal experiences as a woman working in tech, followed by a short Q&A.

Christian Urricariet is Senior Director of Global Marketing at Finisar. He has spent over 20 years introducing optical interconnect solutions for data centers, enterprises and telecom service providers worldwide. Since joining the company in 1999, he has held a variety of Product Management and Marketing roles encompassing the company’s 400G, 100G, 40G, 10G, 2G and 1G optical product lines. Prior to joining Finisar, he held several telecom product marketing and business development positions at Raychem Corporation. He holds an Electronics Engineering degree from the Buenos Aires Institute of Technology (ITBA).

Abstract

The data center ecosystem is going through unprecedented growth and innovation as new players, new business models and new technologies converge. One of the drivers is the evolving landscape of fiber optics technologies enabling new architectures and enhanced levels of performance for both cloud service providers and enterprises. Data centers now require Ethernet switches supporting 400 Gb/s data rates with high port count and low power dissipation. The talk covers the latest 400G industry trends in optics for the data center.

Aldrin is involved in strategic product development at Juniper. Prior to joining the Juniper team in 2015, Aldrin spent 20 years designing, building and running networks. He was the chief technologist responsible for the design and development of the global IP/MPLS and data center networks of a premier financial news, media and SaaS company, supporting the reach of its business to over 100 countries. During his career as an operator, Aldrin bootstrapped the industry collaboration that led to EVPN (RFC7432), for which he is also a coauthor. Aldrin is also a pioneer in fully automated network infrastructure.

Abstract

Despite its growing use as a Metro Ethernet protocol, EVPN was originally conceived to enable highly flexible and scalable LANs. In this tutorial RFC7432 co-author, Aldrin Isaac, will cover key building block functions and service models with EVPN and how they might be leveraged to support diverse use cases in LAN fabrics. Focus will be more on the ways to use EVPN and less on the inner workings of the protocol itself.
Topics covered:
- Building block functions and service types
- Special use cases
- Service chaining concepts
- Overlay replication

Christian Schmutzer is a Principal Engineer at Cisco Systems and has been with the company since 1998. Early on Schmutzer worked primarily on the design and deployment of large service provider backbones – with the focus on optical and routing technologies. Schmutzer then drove, as the technical expert, the product development and marketing strategy for the ASR 9000 and Cisco 7600 series router platforms. Since 2013 Schmutzer has been working on Packet/Optical network architectures and product development. He is the Principal Architect for Cisco's Transport Network Modernization Architecture. As a speaker for technical tutorials worldwide, he frequently shares his practical experience. He received his Masters from the Fachhochschule Technikum-Wien, Austria.

Abstract

For many years optical transport networks have been deployed using TDM technologies such as PDH, SONET and OTN providing highly performant and resilient services to voice and data networks. With recent advances in router/switch architectures, embedded control plane protocols and central application software a single MPLS network layer can deliver any service that so far only PDH, SONET or OTN could deliver. During this session we will talk about some common "concerns" such as cost of transmission, latency & jitter, bandwidth guarantees & loss, service assurance & OAM and how they are no longer valid for a "neatly designed" MPLS transport network allowing network operators to remove the complexity of running many parallel networks.
Submitted for Christian Schmutzer, Principal Engineer, Optical Systems, Cisco

Since 2010 Taylor has worked with security technologies in the cable industry. He began his career with the Brighthouse Networks Business Solutions Services team as an operations engineer supporting enterprise customers with a focus on security and managed services. In 2013 he transitioned to a role in the Brighthouse sustaining engineering group where he would deploy and support the DDoS detection and mitigation infrastructure among many other responsibilities involving support of infrastructure and commercial customers. With the merger of Charter and Time Warner Cable he moved into the Advanced Engineering Security Architecture group where his role has expanded to a much broader landscape of network security while still focusing heavily on DDoS mitigation architectures, network consolidation, and solving new security challenges for very large networks.

Pratik Lotia, Charter Communications

Pratik Lotia works as a Security Engineer in the Advanced Engineering Security Architecture group at Charter Communications where he focuses on Automation, IPS/IDS, Botnets, network consolidation and designing new security solutions for very large networks. He has been working in automation technologies since 2013 while running a startup and is also working on developing various in-house DDoS mitigation tools. He has received recognition for his work from Lockheed Martin, Tata Group and Government of India.

Abstract

DDoS Peering has been talked about a lot in theory but it's high time we started actual implementation. This talk intends to explain the proof of concept we have developed at Charter Comm. and calls for action from ISPs to participate in this so that we can mitigate DDoS attacks in a more effective way.

Jared Mauch works for NTT Communications Global IP Network in the Network Architecture and Development team. He has been active in network abuse and mitigation and won the J.D. Falk award for his work on the OpenResolverProject and other related works. He continues to work on routing and infrastructure security with an interest in the social and business reasons behind malicious actors.

Abstract

RIPE announced a trial service called RIS Live which lets you monitor BGP data in realtime. Monitoring BGP updates in realtime can provide important insights to your network and operations.

Monday had a talk on streaming telemetry where OpenConfig models and protocols featured and several of the microphone questions/comments related to a demand for standards definition and adoption.
Comcast is actively working towards using OpenConfig to configure and monitor its core network. This lightning talk will be an overview of what we're getting up to, including working with the OpenConfig community and our vendors to maximize coverage for our use cases, and where we're going with these models.
If there is interest we may be able to return at NANOG 76 with a full talk on our progress and challenges.

This tutorial includes hands-on exercises; instructions for downloading the software are at https://p4.org/events/2019-02-19-nanog/
Download all software prior to the tutorial. Attendees will learn how to express conventional and novel data-plane applications in the P4 language, and how to compile, execute, and evaluate P4 programs. We will provide a VM image containing all the necessary packages and tools. The P4 specification is publicly available at the P4 website under an Apache license. Key development tools are available as open-source tools (http://github.com/p4lang).
P4 (www.p4.org) is a programming language for describing how network packets should be processed on a variety of targets, ranging from general-purpose CPUs to network processors, FPGAs, and custom ASICs. P4 was designed with three goals in mind: (i) protocol independence: devices should not “bake in” specific protocols; (ii) field re-configurability: programmers should be able to modify the behavior of devices after they have been deployed; and (iii) portability: programs should not be tied to specific hardware targets. The P4 community maintains the language specifications, a set of open-source development tools, and sample P4 programs with the goal of making it easy for P4 users to quickly and correctly author new data-plane behaviors.
P4 continues to be a transformative technology in networking and an increasingly popular choice for developing data-plane designs. Well-known data-plane features typically realized in a fixed-function logic are now being authored in P4, allowing network owners to understand and even verify their network devices’ behavior in an unambiguous manner. Meanwhile, new ideas are also being prototyped, evaluated, and productized in P4. We believe there are many opportunities for network operators to help evolve the design of the language, discover new implementation techniques, and develop their own custom use cases.

Krassimir Tzvetanov is a security engineer at Fastly, a high performance CDN designed to accelerate content delivery as well as serve as a shield against DDoS attacks.
In the past he worked for hardware vendors like Cisco and A10 focusing on threat research, DDoS mitigation features, product security and best security software development practices. Before joining Cisco, Krassimir was Dedicated Paranoid (security) at Yahoo!, Inc. where he focused on designing and securing the edge infrastructure of the production network. Part of his duties included dealing with DDoS and abuse. Before Yahoo! Krassimir worked at Google, Inc. as an SRE for two mission-critical systems, the ads database supporting all incoming revenue from ads and the global authentication system which served all of the company applications.
Krassimir holds a Bachelor's in Electrical Engineering (Communications) and a Master's in Digital Forensics and Investigations.

Abstract

Working with LE is something that many providers fear because of the unknown and potentially some history.
However, over the past decade the anti-abuse community has come to appreciate working with LE and there have been a number of really good examples of successful collaboration: the Mirai take-down, the Booter services take-down from Dec 2017, etc.
The purpose of this track is to bring some case studies of combined commercial company and LE work to light.
* Elliott Peterson: Mirai take-down
* Gabriel Andrews: (undisclosed)
* Elvis Chan: (undisclosed)
* Case 4 (undisclosed)
* Panel discussion